9772896

Identifying Intervals of Unusual Activity in Information Technology Systems

Published: September 26, 2017
Assignee: not available in USPTO data we have
Patent Claims
6 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method for identifying unusual intervals in an information technology (IT) system, the method comprising: training, by a processor, a log analysis system based on historical data for the IT system, the historical data including a plurality of intervals each having an interval anomaly score, wherein the training comprises: ordering the plurality of intervals in ascending order based on the interval anomaly scores; dividing the ordered intervals evenly into a fixed number of groups; and calculating a cumulative anomaly score for each of the groups; receiving, by the log analysis system, status messages from a plurality of pieces of IT equipment in the IT system; grouping the status messages into an interval and calculating an interval anomaly score for the interval; and comparing the interval anomaly score with one or more priority level cutoffs created by the training and responsively generating an alert based on the comparison, wherein the alert indicates that the interval is unusual.

Plain English Translation

A method for identifying unusual activity in an IT system involves training a log analysis system using past data. This historical data consists of many time intervals, each with an anomaly score. The training process includes sorting these intervals by their anomaly scores, dividing them into equal groups, and calculating a cumulative anomaly score for each group. Subsequently, the system receives status messages from various IT components, groups these messages into a new time interval, and calculates an anomaly score for this new interval. This score is then compared against priority level cutoffs established during the training phase. Based on this comparison, an alert is generated if the interval's anomaly score indicates unusual activity.

Claim 2

Original Legal Text

2. The method of claim 1, wherein the training further comprises calculating the one or more priority level cutoffs based on a statistical analysis of the cumulative anomaly scores.

Plain English Translation

The method for identifying unusual activity in an IT system, as described previously, includes training a log analysis system using past data consisting of time intervals with anomaly scores. The training involves sorting these intervals, dividing them into equal groups, and calculating a cumulative anomaly score for each group. In addition to this, the training process calculates priority level cutoffs based on a statistical analysis of these cumulative anomaly scores. This statistical analysis determines the thresholds used to trigger alerts about unusual activity. Then, the system receives status messages from various IT components, groups these messages into a new time interval, and calculates an anomaly score for this new interval, which is compared against the priority level cutoffs created during the training phase to responsively generate an alert.

Claim 3

Original Legal Text

3. The method of claim 2, wherein the statistical analysis of the cumulative anomaly scores includes plotting a graph of the cumulative anomaly scores and calculating a first derivative of the cumulative anomaly scores.

Plain English Translation

The method for identifying unusual activity in an IT system, as described previously, includes training a log analysis system using past data consisting of time intervals with anomaly scores. The training involves sorting these intervals, dividing them into equal groups, and calculating a cumulative anomaly score for each group. The training process calculates priority level cutoffs based on a statistical analysis of the cumulative anomaly scores. This statistical analysis specifically involves plotting a graph of the cumulative anomaly scores and calculating the first derivative of these scores. Then, the system receives status messages from various IT components, groups these messages into a new time interval, and calculates an anomaly score for this new interval, which is compared against the priority level cutoffs created during the training phase to responsively generate an alert.
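
The training and comparison steps of claims 1 to 3, as an added sketch that is not code from the patent or from this page. Assumptions: the "cumulative anomaly score" of a group is read as the running total of scores up to and including that group, a cutoff is placed at the lowest score of the first group whose slope exceeds a multiple of the median slope, and the names `train_cutoffs`, `priority`, `HISTORY` and `LEVELS` are hypothetical. Interval anomaly scores are taken as given.

```python
from itertools import accumulate
from statistics import median

# Constructed sample: one anomaly score per historical interval.
HISTORY = [9, 30, 2, 14, 7, 120, 4, 11, 18, 1,
           45, 6, 12, 3, 70, 16, 8, 20, 5, 10]
# Assumed tuning input: priority level -> multiple of the median slope.
LEVELS = {"warning": 1.5, "critical": 5.0}


def train_cutoffs(scores, num_groups, levels):
    """Derive priority level cutoffs from historical interval scores."""
    ordered = sorted(scores)                      # ascending order
    size = len(ordered) // num_groups
    if size == 0:
        raise ValueError("need at least one interval per group")
    groups = [ordered[i * size:(i + 1) * size] for i in range(num_groups)]
    groups[-1].extend(ordered[num_groups * size:])  # remainder: assumption
    # Running total across groups (assumed reading of "cumulative").
    cumulative = list(accumulate(sum(g) for g in groups))
    # Discrete first derivative of the cumulative curve, one value per group.
    slopes = [cumulative[0]] + [b - a for a, b in zip(cumulative, cumulative[1:])]
    baseline = median(slopes)
    cutoffs = {}
    for name, factor in levels.items():
        for group, slope in zip(groups, slopes):
            if slope > factor * baseline:         # curve steepens here
                cutoffs[name] = group[0]          # lowest score in that group
                break
    return cutoffs


def priority(score, cutoffs):
    """Return the highest priority level whose cutoff the score reaches."""
    hit = [(cutoff, name) for name, cutoff in cutoffs.items() if score >= cutoff]
    return max(hit)[1] if hit else None


CUTOFFS = train_cutoffs(HISTORY, num_groups=5, levels=LEVELS)

if __name__ == "__main__":
    for new_score in (13, 17, 50):
        print(new_score, priority(new_score, CUTOFFS))
```

A level whose multiple is never exceeded gets no cutoff, so a history with a flat score distribution produces no alerts at that level.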

Claim 4

Original Legal Text

4. The method of claim 2, wherein the statistical analysis of the cumulative anomaly scores includes plotting a graph of the cumulative message anomaly scores and calculating a second derivative of a sum of the cumulative message anomaly score for interval n.

Plain English Translation

The method for identifying unusual activity in an IT system, as described previously, includes training a log analysis system using past data consisting of time intervals with anomaly scores. The training involves sorting these intervals, dividing them into equal groups, and calculating a cumulative anomaly score for each group. The training process calculates priority level cutoffs based on a statistical analysis of the cumulative anomaly scores. This statistical analysis involves plotting a graph of the cumulative message anomaly scores and calculating the second derivative of the sum of the cumulative message anomaly scores for interval n. Then, the system receives status messages from various IT components, groups these messages into a new time interval, and calculates an anomaly score for this new interval, which is compared against the priority level cutoffs created during the training phase to responsively generate an alert.

Claim 5

Original Legal Text

5. The method of claim 2, wherein the statistical analysis of the cumulative anomaly scores includes calculating a linear regression of the cumulative message anomaly scores to predict a sum of the cumulative message anomaly score for an interval.

Plain English Translation

The method for identifying unusual activity in an IT system, as described previously, includes training a log analysis system using past data consisting of time intervals with anomaly scores. The training involves sorting these intervals, dividing them into equal groups, and calculating a cumulative anomaly score for each group. The training process calculates priority level cutoffs based on a statistical analysis of the cumulative anomaly scores. This statistical analysis involves calculating a linear regression of the cumulative message anomaly scores to predict the sum of the cumulative message anomaly score for an interval. Then, the system receives status messages from various IT components, groups these messages into a new time interval, and calculates an anomaly score for this new interval, which is compared against the priority level cutoffs created during the training phase to responsively generate an alert.

Claim 6

Original Legal Text

6. The method of claim 1, wherein the one or more priority level cutoffs are further based on a user input.

Plain English Translation

The method for identifying unusual activity in an IT system involves training a log analysis system using past data consisting of time intervals with anomaly scores. The training process includes sorting the intervals by anomaly score, dividing them into groups, and calculating cumulative anomaly scores. The system receives status messages, groups them into intervals, and calculates an anomaly score. The calculated anomaly score is compared against priority level cutoffs to generate alerts. The priority level cutoffs are further based on a user input, allowing administrators to adjust the sensitivity of the alert system.

Patent Metadata

Filing Date: Unknown

Publication Date: September 26, 2017

Inventors: JAMES M. CAFFREY

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “IDENTIFYING INTERVALS OF UNUSUAL ACTIVITY IN INFORMATION TECHNOLOGY SYSTEMS” (9772896). https://patentable.app/patents/9772896
